Abstract
Increasingly complex systems lead to an interweaving of security, safety, availability and reliability concerns, yet most dependability analysis techniques do not cover security aspects. Including security requires a holistic risk model for systems. In our novel approach, the basic failure cause, failure mode and failure effect model known from FMEA is used as a template for a vulnerability cause-effect chain, and an FMEA analysis technique extended with security is presented. This yields a unified model for safety and security cause-effect analysis. As an example, the technique is then applied to a distributed industrial measurement system.
© 2014 Springer International Publishing Switzerland
Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E. (2014). Security Application of Failure Mode and Effect Analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8666. Springer, Cham. https://doi.org/10.1007/978-3-319-10506-2_21
DOI: https://doi.org/10.1007/978-3-319-10506-2_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10505-5
Online ISBN: 978-3-319-10506-2
eBook Packages: Computer Science (R0)